Register for this year’s #ChromeDevSummit happening on Nov. 11-12 in San Francisco to learn about the latest features and tools coming to the Web. Request an invite on the Chrome Dev Summit 2019 website

Deprecations and removals in Chrome 67

Deprecate HTTP-Based Public Key Pinning

HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an
HTTP header that pins one or more of the public keys present in the site's
certificate chain. It has very low adoption, and although it provides security
against certificate mis-issuance, it also creates risks of denial of service and
hostile pinning.

To defend against certificate mis-issuance, web developers should use the
Expect-CT header, including its reporting function. Expect-CT is safer than HPKP
due to the flexibility it gives site operators to recover from configuration
errors, and due to the built-in support offered by a number of certificate authorities.

Deprecate AppCache on Non-secure Contexts

AppCache over HTTP is deprecated. AppCache is a powerful feature that allows offline and
persistent access to an origin. Allowing AppCache to be used over non-secure contexts
makes it an attack vector for cross-site scripting hacks.

Deprecation policy

To keep the platform healthy, we sometimes remove APIs from the Web Platform
which have run their course. There can be many reasons why we would remove an
API, such as:

They are superseded by newer APIs.

They are updated to reflect changes to specifications to bring alignment
and consistency with other browsers.

They are early experiments that never came to fruition in other browsers
and thus can increase the burden of support for web developers.

Some of these changes will have an effect on a very small number of sites. To
mitigate issues ahead of time, we try to give developers advanced notice so
they can make the required changes to keep their sites running.

Set warnings and give time scales in the Chrome DevTools Console when usage
is detected on the page.

Wait, monitor, and then remove the feature as usage drops.

You can find a list of all deprecated features on chromestatus.com using the
deprecated filter and removed features by applying the
removed filter.
We will also try to summarize some of the changes, reasoning, and migration
paths in these posts.

rss_feed
Subscribe to our
RSS or
Atom feed
and get the latest updates in your favorite feed reader!